by Chester Wisniewski on September 5, 2011

Fox-IT, the security auditors hired to investigate the compromise of DigiNotar, the digital certificate authority that signed fraudulent certificates for Google, the CIA and others, released their preliminary findings this afternoon.

It's at least as bad as many of us thought. DigiNotar appears to have been totally owned for over a month without taking action, and they waited another month to take necessary steps to notify the public.

...